Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.
For the stable distribution (etch), these problems have been fixed in version 1.2.4-4.1+etch1.
For the unstable distribution (sid), these problems have been fixed in version 1.4.10-1.1.
We recommend that you upgrade your libcairo packages.